Sead,
I agree with you completely. In particular I agree with your
observations regarding e-mail address being for connectivity
and DN for authentication. As I recall some of us gave you a
little bit of a hard time when your first system used e-mail
addresses, so it is quite useful to hear your current views.
But what a scary thought you raised --
the reason why no one is using PEM is because no one has any
secrets, and everyone trusts everyone else. What will we security
types do to make a living? Where is Robert Morris Jr. when we
really need him! :-)
I have briefly scanned the documents which you kindly e-mailed
and FAXed to me, and am beginning to appreciate the problem
some people have with some of my stuff -- there just isn't
time enough to give it the serious reading yours richly deserves.
I did particularly like some of the availability and other issues
which you raised in conjunction with the higher levels of
assurance PCAs and CAs.
I think PEM made the correct decision to use off-line certification
as the baseline, but the continuous and guaranteed availability
of CRLs, or alternatively the real-time confirmation of current
message signature and certificate validity will be very important to
commercial users.
I would welcome your thoughts on my two most recent messages
to Rhys and Warwick concerning CA names and name subordination.
And because it might be quite useful to know what is actually
being implemented, rather than what the RFCs say, could you
outline in some detail exactly what controls your implementation
provides the user with respect to enforcing name subordination,
and restate your various hierarchies' requirements regarding
name subordination as imposed on your CAs?
I plan to ask the same questions regarding RSA's TIPEM, TIS PEM,
and Jeff Schiller's implementation, and anyone else who has an
implementation underway is invited to respond either publicly or
privately.
Bob